Frequently asked questions on using

How do I work with my auditor in makes it easy to grant your auditor remote access to your ISMS. You can create users for individuals within the auditing organisation and define the areas of your ISMS that are accessible to your auditor.

What add-ons are available with comes with all of the pre-built work areas that you need to achieve certification with ISO 27001, but we have a number of add-ons which will make the implementation and management of your ISMS even easier.
  • Policy Packs allow you to elegantly publish relevant parts of your ISMS in a ‘kindle like fashion’ to others and allows them to easily demonstrate their compliance. With fast-moving threats and changes to business regulation, dynamically updating your Policies and ensuring compliance to amendments very quickly is essential
  • Virtual Coach – Deliver focused and fast implementation success. A complimentary service delivering expert yet practical guidance, including our Assured Results Method (ARM)
  • Accounts – Achieve information security in the supply chain with a joined-up approach to supplier management

How secure is my information?

Our organisation, platform, and UK data centres hold UKAS accredited ISO 27001:2103 certification. The data centres have a duplicate system failover in case of loss. We also hold a number of other complementary accreditations and certifications because of our work with the UK Government. This means we conduct regular CHECK penetration tests of the services and have additional responsibilities that go beyond ISO 27001. This gives our customers security and assurance in our solution and cloud services. Read more about our security credentials.

Where is my data stored?

The data is stored in a UK Data Centre that like us, meets all the expected security accreditations including a UKAS Accredited ISO 27001:2013 certification. The data centre also has the new cloud provider ISO 27018 standard as well.

Is my data backed up?

Hourly and daily snapshots of data are taken and we retain data for at least 28 days. Backed up data is protected with an encryption scheme that meets or exceeds that which we have specified within A.10.1.1 of our ISO 27001 controls.

If I want to terminate at the end of my subscription what happens to my data?

We retain your data for one-month post-termination. This gives you ample time to export or copy any information out of your environment.

Is it possible to download a full backup of all the data in

The short answer is yes. We currently offer a range of exports and reports and your information can be downloaded during your journey or in the event you choose to unsubscribe.

Am I able to extract, edit, and re-upload the policies you provide in the platform?

Editing of policies is normally done within, in the workspace provided (with full revision/audit trail). We recommend using this workspace wherever possible as you can create links to other relevant areas of the platform for visibility and speedy access. In some instances, you may choose to upload documents to The version control features allow for documents to be ‘checked-out’ to show other users they are being worked on and then uploaded as a new version. Whichever method you choose to manage your policies, full revision history and version control is taken care of.

Can I upload my existing procedures and policies documents?

Yes. You can copy and paste them directly into the Notes areas within your ISO 27001 (or GDPR) framework, or you can upload a document. Either way, you’ll have a full audit trail of date, time and revisions.

Can I upload our existing Assets, Risks and Supply chain accounts to

Yes, users can easily import assets, risks and supply chain accounts to users can simply complete the provided import templates and we’ll do the rest.

What file formats can be uploaded into the platform?

Our platform supports all standard file formats including Word, Excel, pdf, video, sound, ppt, png, and many more. You can also hyperlink to existing documentation in your Google Drive or Shared folders.

Can the information entered into the system be exported into a spreadsheet? Can this be done individually for each section/table and globally for the entire system?

Our online platform is designed for easy team working and management overview, and as such, most of your ISMS work will be undertaken on the platform. Clusters and Dashboards make light of management reviews and committee meetings by bringing your ISMS together in one place. Using Clusters and Dashboards allows you to save time on reporting performance or chasing on progress, by providing a clear view of outstanding actions, progress and information relating to your ISMS. This will enable you and your colleagues to inform important decisions and practice continual improvement. recognises the need for external reporting and, therefore, there are a number of reporting and exporting options which are available in MS Word, Excel and PDF format depending on the nature of the report being requested. You can also take a screenshot, using your browser print screen options. Examples of exports and reports available in include:
  • The policies and controls export, which includes links to any attached documents
  • The risk management, applicable legislation & interested parties tables
  • Measurement and KPI reports
  • The Gantt chart, which allows you to view the critical path for your policies and controls

Is it possible to create multiple users at the same time in allows organisations to effortlessly create multiple users at once. User details can be imported to your organisation, and it is even possible to define when you would like newly created users to receive their welcome email.

Does offer Single Sign-On (SSO)? supports SSO using SAML 2.0. Our list of identity providers is ever-growing. Examples of the identity providers supported by include Google, Microsoft Azure Active Directory and Okta.

What are the user types in the subscription?

Our cost-effective solutions are based on usage, users and scope. Your annual platform licence will come with a set number of ‘Regular’ users, subject to that scope, and will always have the option to add extras.   Some individuals within your organisation will be accessing the platform on a regular basis to work on your ISMS. These users are ‘Regular’ users and include policy creators, approvers, your ISMS management board, and possibly risk and incident owners. Staff within your organisation will read and demonstrate policy compliance and observe ISMS updates. They may also work on a short-term project in such as an HR Induction Programme. Users conducting only these sort of activities are ‘occasional’ users. ‘Occasional’ users can be created for a nominal fee as part of your subscription. For those subscribing to the Staff Training Engagement package, which includes our popular Policy Pack feature, 15 occasional users come included as standard and there is an option to add extra if needed. You can request your personalised quotation here.

Can I have access to a demo environment to ‘test-drive’?

Whilst our system is really easy and intuitive to use, it does cover a large and complex subject matter. It also contains a huge amount of IP in terms of our methodologies, policies and controls. For this reason, it’s currently not available in a test environment. We’d love to conduct a recorded demo and if you love the system but are still worried, a trial period can be discussed. Clearly, we all need to know what success looks like so that we can support you in achieving your goals.

Is there an on-premise version of the software or is there only a SaaS option?

We currently only promote our SaaS version of the software on the website. We can offer an on-premise option by exception but it is much more expensive than our SaaS offering for obvious reasons and would require some upfront consulting work too. Our complete SaaS services start around just £300 per month for micro-businesses whereas the on-premise starts at £50,000 GBP regardless of organisation size.

Do you support Common Controls?

The Common Controls are a way to harmonize differences in wording across the Authority Documents (ISO27K, NIST, HIPPA, SOX, etc.) and as such may be relevant to large, multi-national organisations. The platform does not currently support Common Controls, however, we do support various frameworks and powerful linking between them.

How do I sign up to receive business updates from

You can subscribe to our newsletter here. You may also be notified about changes whilst using